popuper.exe etc.
promenade
09-05-2005, 20:10
Forgive me, but maybe I'm just not able to do this.
I've caught another hijack and I can't stop it.
HijackThis's process manager can't kill these processes:
iexplore.exe
intmon.exe
intmonp.exe
popuper.exe
If anyone can make sense of this........thanks a million
BravoGT83
09-05-2005, 20:46
disable System Restore...
go into safe mode
run a couple of scans with an up-to-date antivirus and an antispyware tool
and then re-enable System Restore :)
BravoGT83, try to guess what I'm going to write now????? :)
Post the HijackThis log.
:D :D :D
BravoGT83
09-05-2005, 21:27
indeed, I left that one to you :cool: :D
juninho85
10-05-2005, 00:25
nuke them in safe mode, they shouldn't put up a fight
BravoGT83, try to guess what I'm going to write now?????
Post the HijackThis log.
indeed, I left that one to you
what is this, a corporation? :D :D
anyway I agree, post the log
BravoGT83
10-05-2005, 09:54
hihiihhiihih :D :D :D
hi, can you send me one of those infected .exe files at my address
[email protected]???
promenade
10-05-2005, 19:17
this is the log:
Logfile of HijackThis v1.99.1
Scan saved at 19.10.46, on 17/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\popuper.exe
C:\WINDOWS\System32\intmonp.exe
C:\WINDOWS\System32\intmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\Belkin\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTSvcCDA.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Grisoft\AVG Free\avgcc.exe
C:\Programmi\Grisoft\AVG Free\avgemc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\totò\Desktop\Nuova cartella\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.quicknavigate.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.quicknavigate.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.quicknavigate.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.quicknavigate.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.quicknavigate.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.quicknavigate.com/
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - C:\WINDOWS\System32\hp8009.tmp
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\Belkin\Software Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
I don't know what else to do....help
here are the bastards.
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\popuper.exe
C:\WINDOWS\System32\intmonp.exe
C:\WINDOWS\System32\intmon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.quicknavigate.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.quicknavigate.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.quicknavigate.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.quicknavigate.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.quicknavigate.com/search.php?qq=%1
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe check this one
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - C:\WINDOWS\System32\hp8009.tmp
apart from the one I told you to check, fix the others immediately ;)
I agree with everything
there must be no doubt about this one. It has to be deleted immediately
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
these have to be deleted (probably in safe mode, and if they exist)
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\popuper.exe
C:\WINDOWS\System32\intmonp.exe
C:\WINDOWS\System32\intmon.exe
juninho85
10-05-2005, 23:08
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\popuper.exe
C:\WINDOWS\System32\intmonp.exe
C:\WINDOWS\System32\intmon.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.quicknavigate.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.quicknavigate.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.quicknavigate.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.quicknavigate.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.quicknavigate.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.quicknavigate.com/
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - C:\WINDOWS\System32\hp8009.tmp
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
:D
;)
Juni, this is a piece of software to prevent unauthorized copying, of what I don't know: games, software, films, etc. etc.
As the bible (Google :D ) says
cdac11ba.exe is a part of MacroVision safeCast copy protection software. This piece of software allows manufacturers to protect their products from illegal duplication. Disabling, or deleting this process may corrupt the product it was supplied with.
juninho85
10-05-2005, 23:14
cdzilla no?:wtf:
I also found this, under the heading USELESS:
c-dillacdac11ba
"C-Dilla" is the name of a developer company.
The service is used to provide software activation services and CD Key verification services for anti-piracy reasons. This technology is bundled with many products. It also increases the amount of popups you receive on your computer.
Recommend: Disable (spyware/adware).
Leave it only if you have the games required this service.
Naturally the process has to be disabled in the process list (after terminating it, of course)
juninho85
10-05-2005, 23:25
yes, I got the name wrong, but we're talking about the same program
BravoGT83
11-05-2005, 09:53
I see you beat me to it, anyway I agree with all of it
those exe files are best deleted manually :)
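The by-hand triage the replies above apply to the posted HijackThis log, sketched as a script. This is an added example, not part of the original thread or of HijackThis; the heuristics, the `TRUSTED_HOSTS` allowlist and the function names are assumptions for illustration.

```python
import re
from urllib.parse import urlparse
# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\popuper.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - C:\WINDOWS\System32\hp8009.tmp
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # "R1 - ...", "O23 - ..."
TRUSTED_HOSTS = {"www.microsoft.com", "www.msn.com"}  # assumption: adjust per site
# File names the replies in this thread single out for deletion.
THREAD_PROCESSES = {"shnlog.exe", "popuper.exe", "intmonp.exe", "intmon.exe"}

def check_entry(code, body):
    """Return a reason if a registry-backed entry deserves a look, else None."""
    if code in ("R0", "R1") and " = " in body:
        host = urlparse(body.split(" = ", 1)[1].strip()).hostname
        if host and host not in TRUSTED_HOSTS:
            return "IE page/search setting points at " + host
    elif code == "F2" and "Shell=" in body:
        shells = body.split("Shell=", 1)[1].lower().split(",")
        extra = [s.strip() for s in shells if s.strip() not in ("", "explorer.exe")]
        if extra:
            return "extra program in Shell=: " + ", ".join(extra)
    elif code == "O2":
        path = body.rsplit(" - ", 1)[-1].strip()
        if not path.lower().endswith(".dll"):
            return "BHO not loaded from a .dll: " + path
    return None

def triage(log_text):
    """Return (code, reason) pairs; running processes are reported as PROC."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        m = ENTRY.match(line)
        if m:
            code, reason = m.group(1), check_entry(m.group(1), m.group(2))
        elif line.lower().rsplit("\\", 1)[-1] in THREAD_PROCESSES:
            code, reason = "PROC", "process named in this thread: " + line
        else:
            continue
        if reason:
            findings.append((code, reason))
    return findings
```

O23 services are deliberately not judged: as the CDAC11BA.EXE exchange in the thread shows, an unfamiliar service can turn out to be copy-protection software that a product depends on.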